According to industry recognized best practices, securing the communications within complex IT environments, either traditional IT or cloud, requires a defense-in-depth approach that involves the configuration of host (server or workstation) based firewalls, network firewalls, virtual private network (VPN) router based firewalls, hypervisor based firewalls, and router/switch access control lists (ACLs).
Currently, the security elements are managed independently in multiple respects. Different administrative tools may be required to manage network security policy across firewalls, routers, and others alike. Enabling a new service on a server may require changes to multiple network security policies to allow end-to-end access. For example, enabling a new web service may require a host and one or more network firewall changes which are performed consistently and at the same time. The current approach causes a great deal of overhead labor with regard to the management of appropriate and inappropriate network access. Additionally, server operating system firewalls and workstation operating system firewalls are not commonly used as security controls due to the fact that there is a high level of management overhead.